PT-2017-3339 · Augeas+5
Published: 2017-08-17 · Updated: 2018-03-09 · CVE-2017-7555
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Augeas versions up to and including 1.8.0
Description
The issue is a heap-based buffer overflow caused by improper handling of escaped strings. A remote attacker could send specially crafted strings that cause an application using Augeas to copy past the end of a buffer, leading to a crash (denial of service) or possible arbitrary code execution.
Recommendations
For Augeas versions up to and including 1.8.0, update to a version later than 1.8.0 to resolve the issue.
At the moment, there is no information about other specific mitigation measures for this vulnerability.
Fix
Buffer Overflow
Heap Based Buffer Overflow
Related Identifiers
Affected Products
ALT Linux
Augeas
CentOS
Red Hat
SUSE
Ubuntu